A recent study by X-Analytics has revealed that silent cyber risks are one of the major impediments to growth in the cyber re/insurance market, and that measurement of cyber risk in general is highly deficient among both customers and the wider re/insurance industry.
Non-affirmative cyber, or silent cyber, refers to instances where cyber perils like service interruptions or data breaches are neither explicitly included nor excluded by a re/insurance policy’s wording, according to cyber risk-modeller X-Analytics.
The survey of 78 brokerages and re/insurance companies, which was sponsored by Secure Systems Innovation Corporation (SSIC), the cyber risk management firm that created X-Analytics, found that 77% of respondents believed the industry needs to urgently address silent cyber risks.
Additionally, 22% recognised that there was no way to swiftly resolve the issue of silent cyber risk, and 47% admitted they had no clear connection between core cyber peril events and cyber risk insurance cover elements in their policy wording.
When asked why cyber insurance is not purchased by more companies as a risk transfer option, respondents cited firms not understanding their own risk exposures as the main factor, followed by poor understanding of policy coverage and confusing policies.
X-Analytics also found that 89% of respondents are aware that their customers have inadequate methods for measuring the cost of a data breach, and that the same percentage knew their customers could not adequately measure the potential impact of a cyber extortion event.
87% of brokers and re/insurers were also aware that their customers had inadequate measurement systems for theft of intellectual property, and 83% felt customers could not measure the cost of a cyber-attack that interrupts service.
Furthermore, the survey revealed that 62% of respondents agreed that a series of catastrophic cyber events or a systemic cyber event will drastically alter the way in which re/insurers measure the risk profile of cyber insurance applicants.
Robert Vescio, Chief Analytics Officer at SSIC and inventor of X-Analytics, commented on the survey’s findings: “There are more than 130 insurers writing cyber premiums globally. Does this mean that cyber risk is well-understood and that there are agreed-upon standards for underwriting throughout the industry? According to the survey, the answer is a resounding ‘no.’ Cyber risk is clearly not yet well-enough understood or measured right now.
“There remains significant market pressure to underwrite and quote policies as efficiently as possible, even while admitting a widespread inability to measure an applicant’s risk profile. This generates mismatches between desirable underwriting principles and prevalent practices for writing cyber cover today.
“The survey also highlights an urgent need to model non-affirmative or ‘silent’ cyber risk and develop a better understanding of aggregate risk within an insurer’s portfolio. Many insurers are now concerned that a series of major cyber events could rapidly erode the finite margin across numerous portfolios and test if there is enough capital to cover significant cyber-related claims within a calendar year.”